The Mozilla family of applications appears to not like -fstack-protector-all. With -fstack-protector, they work. Symptoms include segfaulting on start-up. I've confirmed this on amd6/4x86_64. Below are the ebuilds I tested that were affected. mozilla-1.7.3 (haven't tested higher or lower) mozilla-firefox-1.0_pre-r1 (haven't tested higher or lower) mozilla-thunderbird-0.7.3-r1 mozilla-thunderbird-0.8.0 I also tried epiphany and Galeon, but they're strange. I can't make epiphany start up without crashing no matter WHAT I do; and Galeon just crashes randomly, so I can't solidly confirm that (and hence didn't test). Reproducible: Always Steps to Reproduce: 1. Build Mozilla, Firefox, or Thunderbird -fstack-protector-all 2. Try to run Actual Results: Segfault Expected Results: Uhh, work? I'm using a hardened toolchain. It has been found that -fno-stack-protector will filter -fno-stack-protector and leave -fstack-protector on, if -fstack-protector is also on. Some people may enable -fstack-protector-all. Filtering it may disable -fstack-protector. The following logic may be best: replace-flags -fstack-protector-all -fstack-protector append-flags -fno-stack-protector-all This should ensure that -all users get -fstack, and that hardened users get no -all.
"I've confirmed this on amd6/4x86_64. Below are the ebuilds I tested that were affected." amd64/x86_64 Please test on x86 and other archs.
uhh thunderbird -fno-stack-protector's, I gotta retest that. The other two stand.
alright, thunderbird starts. icebox bluefox # grep __guard /usr/lib/MozillaThunderbird/thunderbird-bin Binary file /usr/lib/MozillaThunderbird/thunderbird-bin matches Yes. 0.7.3-r1 works with -fstack-protector
Eratta: "I'm using a hardened toolchain. It has been found that -fno-stack-protector will filter -fno-stack-protector and leave -fstack-protector on, if -fstack-protector is also on." Was I even awake when I wrote this? Replace with the below paragraph: I'm using a hardened toolchain. It has been found that -fno-stack-protector-all will filter -fstack-protector-all and leave -fstack-protector on, if -fstack-protector is also on.
Okay, so the recommendation is to add -fno-stack-protector-all and put in -fstack-protector? One of our devs did this with firefox recently, so I have no problem making it global on amd64.
Yes, the resolution is to s/-fstack-protector-all/fstack-protector/
Tracking this at Bug 83511 now... *** This bug has been marked as a duplicate of 83511 ***